RSAC 2026: AI reshapes cyber defense and threat landscape

SAN FRANCISCO — RSAC 2026 opened this week marking its 35th year, drawing more than 43,000 attendees and setting the tone for a conference defined by one central theme: community. But beneath that message, keynote speakers made clear that the industry is entering a new phase, one in which artificial intelligence is fundamentally reshaping both how attacks are carried out and how defenses must evolve. 

In opening remarks, RSAC Executive Chairman Hugh Thompson underscored the urgency of that shift, warning that security teams can no longer afford to be passive as AI becomes deeply embedded in both offensive and defensive operations.  

Security teams must actively shape how the technology is deployed and protected. Adversaries are already experimenting with agentic AI systems, said Vasu Jakkal, corporate vice president of Microsoft’s security business.

“The magnitude of change underway is difficult to fully grasp,” she said as AI is enabling attackers to operate with unprecedented speed and scale.

In that environment, traditional security approaches built on static policies and predefined rules are no longer sufficient, Jakkal added. 

Instead, Jakkal pointed to a shift toward proactive, continuously operating security models, where systems are designed to anticipate, adapt and respond in real time. She described a future in which security architectures function as “always-on, self-defending” environments powered by AI, capable of learning from activity and adjusting defenses dynamically.

Related reading:

Central to that evolution is the rise of AI agents as both a new attack surface and a new control layer. According to IDC projections, there could be as many as 1.3 billion AI agents in operation by 2028, Jakkal said, each requiring governance and protection similar to that applied to human users and traditional endpoints. This shift is forcing organizations to rethink identity as a broader concept that includes not only people and devices, but also autonomous systems acting on their behalf. 

Jakkal said the foundation for securing this new environment begins with observability, particularly around identity. Organizations must be able to understand how both human and machine identities behave across systems, with AI agents treated as active participants whose actions can be monitored, analyzed and governed. Security platforms, in turn, must be capable of continuously learning and adapting as those behaviors evolve. 

Jeetu Patel, president and chief product officer at Cisco, echoed that view, emphasizing the need to manage and control these emerging agent-based environments.

The concept of agentic security reflects a broader transition toward systems that operate with a high degree of autonomy, creating a continuous feedback loop between detection and response, said Patel. In this model, foundational principles such as zero trust remain essential, but must evolve to account for machine identities and AI-driven interactions at scale. 

The keynote also highlighted the growing geopolitical dimension of AI-driven cybersecurity. H.E. Dr. Mohamed Al Kuwaiti, head of cybersecurity for the United Arab Emirates government, outlined an ambitious national strategy centered on creating 1 billion AI agents within a country-scale defense architecture. 

As part of that effort, Al Kuwaiti pointed to the UAE’s “Crystal Ball” initiative, first introduced in 2023, which is designed to detect and counter cyber threats through large-scale collaboration and shared intelligence. The long-term goal is to enable AI agents to exchange threat data across organizations and, potentially, across national boundaries, creating a more coordinated global defense posture.